Revision 692577bb
Added by jahoti about 2 years ago
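--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -2,6 +2,7 @@
 * Myext injecting policy to page using webRequest
 *
 * Copyright (C) 2021 Wojtek Kosior
+* Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */
 
@@ -12,7 +13,9 @@
 * IMPORT browser
 * IMPORT is_chrome
 * IMPORT gen_unique
+* IMPORT gen_nonce
 * IMPORT url_item
+* IMPORT url_extract_policy
 * IMPORT get_query_best
 * IMPORT csp_rule
 * IMPORTS_END
@@ -39,18 +42,46 @@
 return header.value === rule
 }
 
-function inject(details)
+function url_inject(details)
 {
-const url = url_item(details.url);
+const targets = url_extract_policy(details.url);
+if (targets.policy) {
+return;
+} else if (targets.signed) {
+/* Redirect; update policy */
+targets.target = targets.target2;
+delete targets.target2
+}
+
+let redirect_url = targets.base_url + targets.sig;
+let [pattern, settings] = query_best(targets.base_url);
+if (!pattern)
+/* Defaults */
+settings = {};
+
+const policy = {allow: settings.allow, nonce: gen_nonce()};
+
+redirect_url += encodeURIComponent(JSON.stringify(policy));
+if (targets.target)
+redirect_url += targets.target;
+if (targets.target2)
+redirect_url += targets.target2;
+
+return {redirectUrl: redirect_url};
+}
 
-const [pattern, settings] = query_best(url);
+function inject(details)
+{
+const targets = url_extract_policy(details.url);
+if (!targets.policy)
+/* Block unsigned requests */
+return {cancel: true};
 
-const nonce = gen_unique(url);
-const rule = csp_rule(nonce);
+const rule = csp_rule(targets.policy.nonce);
 
 var headers;
 
-if (settings !== undefined && settings.allow) {
+if (targets.policy.allow) {
 /*
 * Chrome doesn't have the buggy behavior of repeatedly injecting a
 * header we injected once. Firefox does and we have to remove it there.
@@ -80,6 +111,15 @@
 if (is_chrome)
 extra_opts.push("extraHeaders");
 
+browser.webRequest.onBeforeRequest.addListener(
+url_inject,
+{
+urls: ["<all_urls>"],
+types: ["main_frame", "sub_frame"]
+},
+["blocking"]
+);
+
 browser.webRequest.onHeadersReceived.addListener(
 inject,
 {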
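Review bot: In `inject`, the script-allow decision and the CSP nonce are now read from `targets.policy`, which is parsed out of `details.url`, and `url_inject` skips the redirect whenever a policy is already present (`if (targets.policy) return;`). Both paths are safe only if `url_extract_policy` populates `.policy` solely after validating the signature over it; that function is outside this diff, so the invariant should be stated at the check, e.g. `/* targets.policy is set only when url_extract_policy() verified its signature */`. As written, a URL that already carries a policy also appears to keep its old `allow` value after the user changes settings, because nothing on that path consults `query_best` again; that presumably needs a freshness check, or a comment saying it is intentional. `delete targets.target2` is also missing its terminating semicolon.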
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a structure. While the details still need to be worked out, the
potential for future expansion is there.